“MiniMed 508”
Medtronic insulin pumps have cybersecurity problems that can’t
be updated or patched, and the company is recalling them
as a result, the Food and Drug Administration said Thursday.

… “The FDA is concerned that, due to
cybersecurity vulnerabilities identified in the device, someone other
than a patient, caregiver or health care provider could potentially
connect wirelessly to a nearby MiniMed insulin pump and change
the pump’s settings. This could allow a person to over
deliver insulin to a patient, leading to low blood sugar ... or to
stop insulin delivery, leading to high blood sugar and diabetic
ketoacidosis,” the FDA notice says.

As more
countries jump on Privacy, will Facebook face a ‘death of 1000
cuts?’ Okay, probably not…

Italy's
data protection watchdog slammed Facebook Friday with a fine of one
million euros ($1.1 million) for violating privacy laws over the
Cambridge
Analytica scandal.

The
penalty was for "illegal actions committed in the 'Cambridge
Analytica' case, the company that gained access to the data of 87
million users through
an app for psychological tests," it said in a statement.

… Critics
slammed the watchdog for handing the social media giant a relatively
small fine, while analysts said it was low because the offence was
committed before Europe's new data protection framework came into
force.

In
December, Italy's competition authority fined Facebook 10 million
euros for selling users' data without informing them and
"aggressively" discouraging users from trying to limit how
the company shares their data.

… Agreement
is shocking in a political moment defined by polarization, but
lightning has seemingly struck twice. Microsoft and Amazon, makers
of Face API and Rekognition software, respectively, also both endorse
federal regulation.
In June, Axon, the number-one body-camera manufacturer in the United
States, agreed with its ethics board’s proposal
not to outfit
Axon cameras with facial recognition (at least, for the foreseeable
future). Microsoft President Brad Smith called
for governments “to start adopting laws to regulate this
technology” last
year, while Amazon Web Services CEO Andy Jassy echoed those comments
in June, likening
the technology to
a knife. It’s a less dramatic image than the plutonium
and nuclear-waste metaphors
critics employ, but his message—coming from an executive at one of
the world’s most powerful facial-recognition technology outfits—is
clear: This
stuff is dangerous.

Less
than a decade after Amazon broke into the logistics industry, it has
become its own biggest shipper.

Researchers
found that nearly half (48%) of Amazon packages are delivered by the
company itself.

That's
a dramatic shift from two years ago, when the Postal Service
delivered more than 60% of Amazon parcels, and Amazon just around
15%.

The
e-commerce behemoth is already faster than competitors — and it has
ambitions of getting even speedier. It takes Amazon an average of
3.2 days to deliver a parcel after a shopper clicks "buy,"
per Rakuten Intelligence. For all other e-commerce companies, the
average time is 6 days.

Amazon
— which has started offering its shipping capabilities as a service
— will be able to ship products for about two-thirds the rates of
UPS and FedEx, Pellas projects. Its trucks and planes are out
delivering Amazon packages anyway so it can offer shipping at cost,
instead of collecting a margin.

Overly
aggressive? Is squeezing every nickel out of small business a good
long-term strategy?

SV
Academy just landed $9.5 million to offer tuition-free training that
puts people in tech jobs

… Even
as software
eats the world,
not everyone has the training or connections to land a high-paying
job in either the traditional tech industry or with a company that’s
actively embracing its digital future.

In
fact, it would be challenging to interest an executive recruiter in
someone who doesn’t have a tech background and didn’t go to
college, yet a company called SV
Academy is
doing just that. According to cofounder and CEO Rahim Fazal, the
nearly two-and-a-half-year-old, Bay Area company is currently helping
100 people every 30 days — or 1,200 per year — land jobs at
companies like SurveyMonkey, Palo Alto Networks, and PayPal.

Very
notably, it costs these job
candidates nothing. Employers pay SV Academy between $12,000 to
$15,00 per hire; all the prospects really need to do is
convince SV Academy that they have the drive required to take a
12-week, training program that teaches the skills necessary for
tech-based sales roles, plus a year of ongoing training and
mentorship for a year after they graduate.

… Founded
in 2012, Degreed offers over 1,500 certificates and credentials,
aimed primarily at
companies looking to develop and upskill their employees.
When teams sign on, they can identify the skills that they’d like
to develop, ranging from customer service to data analysis, strategic
planning to user experience design. The platform then surfaces
courses, videos, articles and other resources to teach users.

To
date, Degreed claims it has served more than 220 corporate clients,
including Airbnb, Boeing, Mastercard and Unilever. The company also
offers to certify individuals in certain skills for a fee of $129.
An unlimited membership plan is available for $399, according to the
company’s website.

Tech
giants are far from the only companies hiring workers with data
science skills. Employers in fields as diverse as media, finance and
medicine are searching for machine learning engineers to help
transform and enhance their product offerings.

Friday, June 28, 2019

Baltimore
City officials approved using $10 million in excess revenue to cover
the ongoing cost of the cyber attacks that immobilized some
of the city’s systems almost two months ago.

WBAL reports
the city’s estimates board approved the emergency funds Wednesday
to help the hack recovery process, which is moving into its eighth
week.

… Systems
such as water billing remain offline.

The
city’s budget office has estimated
the total cost of responding to the hack at $18 million.
Hackers demanded $80,000 in ransom, but city officials said they
have been advised by law enforcement authorities not
to pay it.

Hackers
working for the US or one of its closest allies broke
into Russian search giant Yandex to
plant malware to
spy on user accounts, Reuters reported Thursday. Called Regin, the
malware is known to be used by the Five Eyes intelligence-sharing
alliance of the US, Britain, Australia, Canada and New Zealand,
sources told the news outlet.

It
couldn't be determined which country was responsible for the Yandex
cyberattack. Reuters said it occurred between October and November
of 2018 and that the hackers had
access to Yandex's research and development unit for several weeks.

… Regin,
which antivirus software maker Symantec labeled a "top-tier
espionage tool,"
had been in use since as early as 2008 to spy on governments,
companies and individuals, Symantec reported in 2014.

A
former Equifax executive who sold
stock a
week and a half before the company announced a massive data breach
was sentenced Thursday to serve four months in federal prison for
insider trading.

Jun
Ying,
former chief information officer of Equifax’s U.S. Information
Solutions, pleaded guilty in March. His prison time is to be
followed by a year of supervised release, and he was also ordered to
pay about $117,000 in restitution and a $55,000 fine, the U.S.
attorney’s office in Atlanta said in a news release.

… To
help secure this new frontier, CIS® (Center for Internet Security,
Inc.) is releasing the free CIS Controls® Internet of Things
Companion Guide to help organizations apply the CIS Controls to the
IoT. The CIS Controls are internationally-recognized cybersecurity
best practices for defense against common cybersecurity threats.

The
digital forensics company Cellebrite now claims it
can unlock any iPhone.

I
dithered before blogging this, not wanting to give the company more
publicity. But I decided that everyone who wants to know already
knows, and that Apple already knows. It's all of us that need to
know.

MIT
Technology Review – Can privacy survive?
“Every
year, commercially available satellite images are becoming sharper
and taken more frequently. In 2008, there were 150
Earth observation satellites in orbit;
by now there are 768. Satellite companies don’t offer 24-hour
real-time surveillance, but if the hype is to be believed, they’re
getting close. Privacy advocates warn that innovation in satellite
imagery is outpacing the US government’s (to say nothing of the
rest of the world’s) ability to regulate the technology. Unless we
impose stricter limits now, they say, one day everyone from ad
companies to suspicious spouses to terrorist organizations will have
access to tools previously reserved for government spy agencies.
Which
would mean that at any given moment, anyone could be watching anyone
else.”

… The
hurdles are in three broad categories. The
first is operational hurdles.
Where do you start? With people? With data? With technology? And
how does that work? The
second hurdle is around compliance and security.
Data has always been a sensitive issue, but it is getting
increasingly more so because we now have a better understanding of
how big an impact AI can have. There is more public opinion around
this, and the regulators have an opinion. You need to navigate
around these new complexities in order to make it work. Finally,
there is the ethical/societal question.
Decision-makers, team members, other business peers are questioning
whether we really want to do this. How do we solve the trolley
problem, for example?

“Berkman
Klein’s Cyberlaw Clinic launched the “Principles
Artificial Intelligence Project” to
map AI principles and guidelines. The team created a data
visualization to
summarize their findings, and will later publish the final data
visualization, along with the dataset itself and a white paper
detailing their assumptions, methodology and key findings…”

Facebook,
the world’s largest social network with 2.4 billion users, is
developing a cryptocurrency that has
the potential to reshape the global financial system.
Called Libra,
the cryptocurrency and blockchain system is backed by major companies
and groups and scheduled to hit the market in 2020. Facebook wants
Libra to become a global currency that could help the 1.7 billion
‘unbanked’ people get access to financial systems.

Unsurprisingly,
the announcement was met with calls for tough scrutiny from
regulators and skepticism from technologists and the cryptocurrency
community. Congressional committee hearings already are planned. In
an op-ed for
The
Financial Times,
Facebook
co-founder Chris Hughes called the prospect of Libra’s success
“frightening.”
Facebook’s practice of moving fast and breaking things works for a
college social network, he said, but “it’s not appropriate for
the global monetary system.”

Wall
Street, however, gave a thumbs
up to
this endeavor because it adds a potentially big source of revenue for
Facebook beyond advertising. The stock was up as much as 8.5% in the
days after The
Wall Street Journal reported
that big backers have lined up behind Libra.

HTML/CSS
came a close second with 61% saying they had used it in the past 12
months, followed by SQL at 56% and Java at 50%. Although Python was
only fifth on the list, used by just under half of developers (49%),
it shows significant potential growth: 9% of respondents said they
intended to adopt it or migrate to it.

If
you use eBooks, you need Calibre and probably some of these plugins.

Washington
Post:
“A federal appeals court has revived the chances of monetary awards
being paid to federal employees and others whose personal information
was exposed in hacks of two government databases that were revealed
in 2015. The ruling criticized the Office of Personnel Management
for failing to safeguard that information despite having been the
target of prior hacking attempts and despite repeated
warnings from its inspector general’s office that
the databases were vulnerable. “OPM effectively left the door to
its records unlocked by repeatedly failing to take basic, known, and
available steps to secure the trove of sensitive information in its
hands,” said the decision Friday by the U.S. Court of Appeals for
the District of Columbia Circuit. The OPM deferred a request for
comment to the Justice Department, which declined to comment.

The
appellate court ruled that
a federal district judge erred in dismissing a combined suit brought
by two federal employee unions, the American Federation of Government
Employees and the National Treasury Employees Union…”

On
June 11, DataBreaches.net noted a report that Lake City, Florida was
struggling
to recover from
“triple threat ransomware.” The attack had occurred on May 10,
and one month later, the city’s landline phones were still knocked
out and other services were also affected, although emergency
services were operating.

Now,
one week after another Florida city, Riviera Beach, decided
to pay the equivalent of almost $600,000 ransom after
they were attacked, Lake City has agreed to pay almost $500,000
ransom to its attackers. When the costs of this breach are
tabulated, including any replacement hardware and consulting fees,
legal fees, etc., this will likely be a very costly breach for Lake
City.

Whether
the attackers are the same individual or group or not is unknown, but
with two Florida cities paying high ransoms within a short period of
time, I think we can
reasonably predict many more attacks with ransom demands in the
half-million to million-dollar range.

CBS
News reports:

The
mayor of Lake City told
CBS 47 Action News Jax on
Tuesday that the small city in northern Florida would give the
hackers $460,000 to hand back control of email and other servers
seized two weeks ago.

Presidential
Alerts that all modern cell phones in the United States are required
to receive and display as part of the Wireless Emergency Alert (WEA)
program can be spoofed, researchers have discovered.

Issued
via the Integrated Public Alert and Warnings System (IPAWS) along
with AMBER alerts and imminent threat alerts, the Presidential Alerts
are intended to inform the public of imminent threats and cannot be
blocked.

In
a recently published whitepaper, a group of security researchers from
the University of Colorado Boulder
has demonstrated how Presidential Alerts could be targeted in
spoofing attacks using commercially available hardware and modified
open source software.

Vice:
“Security
through obscurity is
out, security through tomfoolery is in. That’s the basic
philosophy sold by Track
THIS,
“a new kind of incognito” browsing project, which opens up 100
tabs crafted to fit a specific character—a hypebeast, a filthy rich
person, a doomsday prepper, or an influencer. The idea is that your
browsing history will be depersonalized and poisoned, so advertisers
won’t know how to target ads to you. It was developed as a
collaboration between mschf (pronounced “mischief”) internet
studios and Mozilla’s Firefox as a way of promoting Firefox
Quantum, the newest Firefox browser…” “These trackers and
these websites really commoditize you, and they don’t really make
you feel like a person,” Daniel Greenberg, director of strategy and
distribution for mschf, said in a phone call. “So we wanted to do
something visceral that makes the user feel like they’re in control
again.”

(Related)
An anti-social media checker. Some interesting phrases in this
video.

On
June 10, 2019, the UK Government’s Digital Service and the Office
for Artificial Intelligence released guidance
on using artificial intelligence in the public sector (the
“Guidance”). The Guidance aims to provide practical guidance for
public sector organizations when they implement artificial
intelligence (AI) solutions.

… The
section of the Guidance on using
AI ethically and safely is
addressed to all parties involved in the design, production, and
deployment of AI projects, including data scientists, data engineers,
domain experts, delivery managers and departmental leads.

The
first AI universe sim is fast and accurate—and its creators don't
know how it works

For
the first time, astrophysicists have used artificial intelligence
techniques to generate complex 3-D simulations of the universe. The
results are so fast, accurate and robust that even the creators
aren't sure how it all works.

… The
real shock was that D3M could accurately simulate how the universe
would look if certain parameters were tweaked—such as how much of
the cosmos is dark matter—even
though the model had never received any training data where those
parameters varied.

The
City Council first passed a resolution Monday establishing the city’s
right to charge for fiber Internet service just as it charges for
water, sewer, other utilities, and impact and development fees.

Council
members then approved fees of $39 a month for 100 megabit per second
(Mbps) service, and $69 a month for 1 gigabit per second (Gbps) for
residences. The prices for businesses are $89 a month for 100 Mbps
and $149 for 1 Gbps.

In
a paper presented at the Programming Language Design and
Implementation conference this week, the researchers describe a novel
probabilistic-programming system named “Gen.” Users write models
and algorithms from multiple fields where AI techniques are applied —
such as computer vision, robotics, and statistics — without having
to deal with equations or manually write high-performance code. Gen
also lets expert researchers write sophisticated models and inference
algorithms — used for prediction tasks — that were previously
infeasible.

… The
researchers also demonstrated Gen’s ability to simplify data
analytics by using another Gen program that automatically generates
sophisticated statistical models typically used by experts to
analyze, interpret, and predict underlying patterns in data.

… Gen’s
source code is publicly
available and
is being presented at upcoming open-source developer conferences,
including Strange Loop and JuliaCon. The work is supported, in part,
by DARPA.

Wednesday, June 26, 2019

A
new strain of malware is wiping the firmware of IoT devices in
attacks reminiscent of the old BrickerBot malware that destroyed
millions of devices back in 2017.

Named
Silex, this malware began operating earlier today, about three-four
hours before this article's publication.

The
malware had bricked around 350 devices when this reporter began
investigating its operations, and the number quickly spiked to 2,000
wiped devices by the time we published, an hour later.

… "It's
using known default credentials for IoT devices to log in and kill
the system," Cashdollar told ZDNet in an email today. "It's
doing this by writing random data from /dev/random to any mounted
storage it finds.

… On
June 20, 2019, Hogan Lovells partners Mark Brennan and Bret Cohen
discussed in great detail the impact of the law, explained key
definitions, and offered practical guidance on how to navigate it
during the webinar, “Operationalizing the California Consumer
Privacy Act.”


Exclusive:
In a world first, Facebook to give data on hate speech suspects to
French courts

In
a world first, Facebook has agreed to hand over the identification
data of French users suspected of hate speech on its platform to
judges, France’s minister for digital affairs Cedric O said on
Tuesday.

… The
decision by the world’s biggest social media network comes after
successive meetings between Zuckerberg and Macron, who wants to take
a leading role globally on the regulation of hate speech and the
spread of false information online.

So
far, Facebook has cooperated with French justice on matters related
to terrorist attacks and violent acts by transferring the IP
addresses and other identification data of suspected individuals to
French judges who formally demanded it.

...
“It is a strong signal in terms of regulation,” said Sonia
Cisse, a counsel at law firm Linklaters, adding that it was a world
first. “Hate speech is
no longer considered part of freedom of speech, it’s now on the
same level as terrorism.”

With
Facebook’s latest move, France is now a clear frontrunner in the
quest to regulate big social media outlets, and other platforms might
follow suit, Cisse said.

Stuart
Russell, coauthor of the standard text on AI, “Artificial
Intelligence: A Modern Approach,” joins Azeem Azhar to discuss the
progress of AI research and implementation and how to ensure the
outcomes are beneficial.


About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.